QUESTION 191 Your network contains an Active Directory forest named contoso.com. The forest contains two domains named contoso.com and child1.contoso.com. The domains contain three domain controllers. The domain controllers are configured as shown in the following table. You need to ensure that the KDC support for claims, compound authentication, and Kerberos armoring setting is enforced in the child1.contoso.com domain. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

QUESTION 192 You have a server named Server1 that runs Windows Server 2012 R2. The storage on Server1 is configured as shown in the following table. You plan to implement Data Deduplication on Server1. You need to identify on which drives you can enable Data Deduplication. Which three drives should you identify? (Each correct answer presents part of the solution. Choose three.)

A. C
B. D
C. E
D. F
E. G

Answer: BDE
Explanation: Volumes that are candidates for deduplication must conform to the following requirements:
* (not A) Must not be a system or boot volume. Deduplication is not supported on operating system volumes.
* Can be partitioned as a master boot record (MBR) or a GUID Partition Table (GPT), and must be formatted using the NTFS file system.
* Can reside on shared storage, such as storage that uses a Fibre Channel or an SAS array, or when an iSCSI SAN and Windows Failover Clustering is fully supported.
* Do not rely on Cluster Shared Volumes (CSVs). You can access data if a deduplication-enabled volume is converted to a CSV, but you cannot continue to process files for deduplication.
* (not C) Do not rely on the Microsoft Resilient File System (ReFS).
* Must be exposed to the operating system as non-removable drives. Remotely-mapped drives are not supported.
http://technet.microsoft.com/en-us/library/hh831700.aspx

QUESTION 193 You have 20 servers that run Windows Server 2012 R2. You need to create a Windows PowerShell script that registers each server in Windows Azure Online Backup and sets an encryption passphrase. Which two PowerShell cmdlets should you run in the script? (Each correct answer presents part of the solution. Choose two.)

QUESTION 194 Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1 that runs Windows Server 2012 R2. You need to ensure that a WIM file that is located on a network share is used as the installation source when installing server roles and features on Server1. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Run the dism.exe command and specify the /remove-package parameter.
B. Run the Remove-WindowsFeature cmdlet.
C. Enable and configure the Specify settings for optional component installation and component repair policy setting by using a Group Policy object (GPO).
D. Enable the Enforce upgrade component rules policy setting by using a Group Policy object (GPO).
E. Run the Remove-WindowsPackage cmdlet.

Answer: AC
Explanation:
A: To remove packages from an offline image by using DISM
Example: At a command prompt, specify the package identity to remove it from the image. You can remove multiple packages on one command line.
DISM /Image:C:\test\offline /Remove-Package /PackageName:Microsoft.Windows.Calc.Demo~6595b6144ccf1df~x86~en~1.0.0.0 /PackageName:Microsoft-Windows-MediaPlayerPackage~31bf3856ad364e35~x86~~6.1.6801.0
C:
* You can use Group Policy to specify a Windows image repair source to use within your network. The repair source can be used to restore Windows features or to repair a corrupted Windows image.
* Set Group Policy
You can use Group Policy to specify when to use Windows Update, or a network location as a repair source for features on demand and automatic corruption repair.
To configure Group Policy for Feature on Demand:
Open the group policy editor. For example, on a computer that is running Windows 8, click Search, click Settings, type Edit Group Policy, and then select the Edit Group Policy setting.
Click Computer Configuration, click Administrative Templates, click System, and then double-click the Specify settings for optional component installation and component repair setting.
Select the settings that you want to use for Features on Demand.
Note:
* The Windows Imaging Format (WIM) is a file-based disk image format. It was developed by Microsoft to help deploy Windows Vista and subsequent versions of Windows operating system family, as well as Windows Fundamentals for Legacy PCs.

QUESTION 195 Your network contains an Active Directory forest. The forest contains two domains named contoso.com and fabrikam.com. The functional level of the forest is Windows Server 2003. You have a domain outside the forest named litwareinc.com. You need to configure an access solution to meet the following requirements:
– Users in litwareinc.com must be able to access resources on a server named Server1 in contoso.com.
– Users in the contoso.com forest must be prevented from accessing any resources in litwareinc.com.
– Users in litwareinc.com must be prevented from accessing any other resources in the contoso.com forest.
Which three actions should you perform? (Each correct answer presents part of the solution. Choose three.)

Answer: DEF
Explanation:
D (not C): litwareinc.com is outside the forest so we need an external trust (not a forest trust).
E: Must grant the required permissions on Server1.
F (not B): For external trust we must either select Domain-Wide or Selective Authentication (forest-wide authentication is not an option) BCE
Note:
* You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a Windows NT 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust.
/ To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties. On the Authentication tab, click either Forest-wide authentication or Selective authentication.
/ To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click Properties. On the Authentication tab, click either Domain-wide authentication or Selective authentication.
* The forest-wide authentication setting permits unrestricted access by any users in the trusted forest to all available shared resources in any of the domains in the trusting forest.
* Forest-wide authentication is generally recommended for users within the same organization.
Reference: Select the Scope of Authentication for Users
http://technet.microsoft.com/en-us/library/cc776245(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755844(v=ws.10).aspx

QUESTION 196 Your network contains an Active Directory domain named contoso.com. The domain contains a file server named Server1 that runs Windows Server 2012 R2. All client computers run Windows 8. You need to configure a custom Access Denied message that will be displayed to users when they are denied access to folders or files on Server1. What should you configure?

QUESTION 197 Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The forest contains three Active Directory sites named SiteA, SiteB, and SiteC. The sites contain four domain controllers. The domain controllers are configured as shown in the following table. You discover that the users in SiteC are authenticated by the domain controllers in SiteA and SiteB. You need to ensure that the SiteC users are authenticated by the domain controllers in SiteB, unless all of the domain controllers in SiteB are unavailable. What should you do?

A. Create additional connection objects for DC3 and DC4.
B. Decrease the cost of the site link between SiteB and SiteC.
C. Create a site link bridge.
D. Disable site link bridging.

Answer: B
Explanation: By decreasing the cost between SiteB and SiteC, the SiteC users will be authenticated by SiteB domain controllers.
Note:
* A site link bridge connects two or more site links and enables transitivity between site links. Each site link in a bridge must have a site in common with another site link in the bridge.
* By default, all site links are transitive.

QUESTION 198 Your network contains an Active Directory domain named contoso.com. The domain contains a. DC2 has the DHCP Server server role installed. DHCP is configured as shown in the exhibit. (Click the Exhibit button.) You discover that client computers cannot obtain IPv4 addresses from DC2. You need to ensure that the client computers can obtain IPv4 addresses from DC2. What should you do?

QUESTION 199 Your network contains an Active Directory forest named adatum.com. All servers run Windows Server 2012 R2. The domain contains four servers. The servers are configured as shown in the following table. You need to deploy IP Address Management (IPAM) to manage DNS and DHCP. On which server should you install IPAM?

QUESTION 200 Your network contains an Active Directory domain named contoso.com. All servers run Windows Server 2012 R2. The domain contains a domain controller named DC1 that is configured as an enterprise root certification authority (CA). All users in the domain are issued a smart card and are required to log on to their domain-joined client computer by using their smart card. A user named User1 resigned and started to work for a competing company. You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not prevent other users from logging on to the domain. Which tool should you use?